Microsoft Assessment and Planning (MAP) Toolkit for Audit

We have a client who got notification that Microsoft has ordered an audit to be conducted on their network. They were asked to run the MAP tool to generate a software license usage report. Any unlicensed software that the tool finds can be purchased to get "current and legal". As a result, no legal actions will be taken against the client. This is a new client that came to us from a vendor who still has access to their Open License account. The client told us that they know they are not in compliance on some software. They also said that their previous vendor had three other clients call this week about upcoming audits.

Question:

Is it advisable for us (or all of our clients) to run the MAP tool to verify compliance?

We stress to our clients the importance of being compliant.

Since we have not used this tool, we want to MAKE SURE WE DO NOT trigger an audit by running the assessment!!! Could this trigger an audit?

NOTE: We use other tools to gather network and licensing information, such as Belarc, Spiceworks, and MS Baseline Security Analyzer.

In my experience and in conversation with people who developed MAP and other MVPs who use it, MAP does NOT report ANYTHING identifiable back to Microsoft. I wouldn't hesitate to use the tool.

Indeed, if I understand this correctly "They also said that their previous vendor had three other clients call this week about upcoming audits." what probably happened is a disgruntled employee or someone who heard a radio commercial probably decided to report them to the BSA in hopes of collecting a reward for reporting license violators. More info, reference:http://www.bsa.org/country.aspx?sc_lang=en

I'll also add that if the client squares up and gets all the necessary licenses BEFORE receiving the letter requesting an audit then they should not be liable for any fines (as I understand the process). If you have seen the letter, great... my understanding comes mostly from http://blawg.bsadefense.com/

Featured Post

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!